def test_success(self, mocked_execute_call_v2, circuits_app,
                 mcafee_esm_alarm_triggered_time_range,
                 mcafee_esm_alarm_triggered_start_time,
                 mcafee_esm_alarm_triggered_end_time, expected_results):
    """Run the triggered-alarms function against two mocked ESM replies.

    ``mocked_execute_call_v2`` is primed with two HTTP 200 replies that the
    mock hands out in order. The function result, with its "metrics" entry
    removed, must equal ``expected_results``.
    """
    # Reply 1 is a bare status document (presumably the login step -- confirm
    # against the client code); reply 2 is a single triggered-alarm record.
    status_reply = {"status": "success"}
    alarm_rows = [{
        "severity": 50,
        "summary": "Signature ID 'Failed User Logon' (306-31) match found",
        "assignee": "admin",
        "triggeredDate": "08/27/2018 18:47:14",
        "acknowledgedDate": "",
        "acknowledgedUsername": "",
        "alarmName": "Failed User Logon",
        "conditionType": 22,
        "id": 8195
    }]
    mocked_execute_call_v2.side_effect = [
        generate_response(status_reply, 200),
        generate_response(alarm_rows, 200),
    ]

    inputs = {
        "mcafee_esm_alarm_triggered_time_range": mcafee_esm_alarm_triggered_time_range,
        "mcafee_esm_alarm_triggered_start_time": mcafee_esm_alarm_triggered_start_time,
        "mcafee_esm_alarm_triggered_end_time": mcafee_esm_alarm_triggered_end_time,
    }
    outcome = call_mcafee_esm_get_triggered_alarms_function(circuits_app, inputs)

    # pop() without a default also fails the test if "metrics" is missing.
    outcome.pop("metrics")
    assert expected_results == outcome
def test_success(self, mocked_requests_post, circuits_app,
                 mcafee_esm_edit_case_json, mcafee_esm_case_id,
                 expected_results):
    """Run the edit-case function against three mocked POST replies.

    The mock returns, in order, a status document, a full case record and an
    empty body, all with HTTP 200. The function result, with its "metrics"
    entry removed, must equal ``expected_results``.
    """
    status_reply = {"status": "success"}
    # Case record as returned by the mocked server; the username fields hold
    # the literal value "******" in this fixture.
    case_record = {
        "dataSourceList": None,
        "assignedTo": 1,
        "orgId": 1,
        "closeTime": "08/22/2018 21:27:34",
        "eventList": [],
        "deviceList": None,
        "notes": [{
            "changes": [],
            "content": "",
            "username": "******",
            "action": "Open",
            "timestamp": "08/22/2018 21:27:34(GMT)"
        }],
        "noteAdded": "",
        "history": [{
            "changes": [],
            "content": "",
            "username": "******",
            "action": "Viewed",
            "timestamp": "08/22/2018 21:28:24(GMT)"
        }],
        "severity": 1,
        "summary": "test5",
        "openTime": "08/22/2018 21:27:34",
        "id": 8194,
        "statusId": {
            "value": 1
        }
    }
    mocked_requests_post.side_effect = [
        generate_response(status_reply, 200),
        generate_response(case_record, 200),
        generate_response({}, 200),
    ]

    inputs = {
        "mcafee_esm_edit_case_json": mcafee_esm_edit_case_json,
        "mcafee_esm_case_id": mcafee_esm_case_id,
    }
    outcome = call_mcafee_esm_edit_case_function(circuits_app, inputs)

    # pop() without a default also fails the test if "metrics" is missing.
    outcome.pop("metrics")
    assert expected_results == outcome
def test_query_esm(self, mocked_requests_common):
    """Check that query_esm returns the result id and the total record count.

    ``execute_call_v2`` on the mocked requests helper is replaced with a
    MagicMock that yields two HTTP 200 replies in order: one carrying
    "resultID" and one reporting a completed query with one record.
    """
    ops = check_config(t_config_data)

    submit_reply = {
        "totalRows": 0,
        "resultID": "123456789",
        "totalResultID": "0",
        "groupByString": "",
        "countColumn": 0,
        "labelColumn": 0,
        "attributeColumn": 0,
        "drilldownColumn": 1
    }
    status_reply = {
        'totalRecords': 1,
        'complete': True,
        'milliseconds': 5,
        'percentComplete': 100
    }
    mocked_requests_common.execute_call_v2 = MagicMock()
    mocked_requests_common.execute_call_v2.side_effect = [
        generate_response(submit_reply, 200),
        generate_response(status_reply, 200),
    ]

    # Query body passed to query_esm as a JSON string. Adjacent literals are
    # concatenated by the parser, so the value is one unbroken string.
    data = (
        '{"config": {"timeRange": "CUSTOM", '
        '"customStart": "2018-08-15T14:49:25.324Z", '
        '"customEnd": "2018-08-20T15:49:25.324Z", '
        '"order": [{"direction": "ASCENDING", "field": {"name": "FirstTime"}}], '
        '"includeTotal": "false", '
        '"fields": [{"name": "FirstTime"}, {"name": "LastTime"}, '
        '{"name": "DSIDSigID"}, {"name": "EventCount"}, {"name": "SrcIP"}, '
        '{"name": "Rule.msg"}, {"name": "AppID"}, {"name": "Filename"}, '
        '{"name": "HostID"}, {"name": "Object_Type"}, {"name" : "Threat_Name"}], '
        '"filters": [{"type": "EsmFieldFilter", "field": {"name": "DSIDSigID"}, '
        '"operator": "IN", "values": [{"type": "EsmBasicValue", "value": "306-50080"}]}]}}'
    )

    result_id_json, record_count = query_esm(
        mocked_requests_common, ops, {}, data, "EVENT")

    assert 1 == record_count
    assert '{"resultID": "123456789"}' == result_id_json
def test_success(self, mocked_requests_post, circuits_app, expected_results):
    """Run the list-of-cases function with no inputs against mocked replies.

    The mock returns a status document and then a two-entry case list, both
    with HTTP 200. The function result, with its "metrics" entry removed,
    must equal ``expected_results``.
    """
    status_reply = {
        "status": "success"
    }
    case_list = [
        {
            "severity": 2,
            "summary": "test3",
            "openTime": "08/09/2018 21:07:29",
            "id": 2,
            "statusId": {
                "value": 1
            }
        },
        {
            "severity": 1,
            "summary": "test3",
            "openTime": "08/10/2018 19:18:43",
            "id": 3,
            "statusId": {
                "value": 1
            }
        },
    ]
    mocked_requests_post.side_effect = [
        generate_response(status_reply, 200),
        generate_response(case_list, 200),
    ]

    # This function takes no parameters, so an empty dict is sent.
    inputs = {}
    outcome = call_mcafee_esm_get_list_of_cases_function(circuits_app, inputs)

    # pop() without a default also fails the test if "metrics" is missing.
    outcome.pop("metrics")
    assert expected_results == outcome
def test_case_get_list_of_cases(self, mocked_requests_post):
    """Check that case_get_case_list returns the mocked case list unchanged.

    The mock returns a status document followed by a two-entry case list,
    both with HTTP 200; the helper's return value must equal that list.
    """
    ops = check_config(t_config_data)

    status_reply = {
        "status": "success"
    }
    case_list = [
        {
            "severity": 2,
            "summary": "test3",
            "openTime": "08/09/2018 21:07:29",
            "id": 2,
            "statusId": {
                "value": 1
            }
        },
        {
            "severity": 1,
            "summary": "test3",
            "openTime": "08/10/2018 19:18:43",
            "id": 3,
            "statusId": {
                "value": 1
            }
        },
    ]
    mocked_requests_post.side_effect = [
        generate_response(status_reply, 200),
        generate_response(case_list, 200),
    ]

    returned_cases = case_get_case_list(ops)
    assert case_list == returned_cases
def test_case_edit_case_details(self, mocked_requests_post):
    """Smoke-test case_edit_case_details against three mocked POST replies.

    The mock returns a status document, a full case record and an empty body,
    all with HTTP 200. The helper's return value is not inspected; the test
    passes as long as the call does not raise.
    """
    ops = check_config(t_config_data)

    status_reply = {"status": "success"}
    case_record = {
        "dataSourceList": None,
        "assignedTo": 1,
        "orgId": 1,
        "closeTime": "08/22/2018 21:27:34",
        "eventList": [],
        "deviceList": None,
        "notes": [{
            "changes": [],
            "content": "",
            "username": "******",
            "action": "Open",
            "timestamp": "08/22/2018 21:27:34(GMT)"
        }],
        "noteAdded": "",
        "history": [{
            "changes": [],
            "content": "",
            "username": "******",
            "action": "Viewed",
            "timestamp": "08/22/2018 21:28:24(GMT)"
        }],
        "severity": 1,
        "summary": "test5",
        "openTime": "08/22/2018 21:27:34",
        "id": 8194,
        "statusId": {
            "value": 1
        }
    }
    mocked_requests_post.side_effect = [
        generate_response(status_reply, 200),
        generate_response(case_record, 200),
        generate_response({}, 200),
    ]

    # Fields to change on the case; the trailing 1 is passed as the third
    # positional argument (presumably the case id -- confirm against the helper).
    edit_payload = {
        "caseDetail": {
            "summary": "This is a new summary",
            "severity": "2"
        }
    }
    case_edit_case_details(ops, edit_payload, 1)

    # NOTE(review): this assertion cannot fail. The test never checks how many
    # POSTs were made or what body carried the edit, so a helper that sent
    # nothing would still pass.
    assert True
def test_get_case_event_detail(self, mocked_requests_post):
    """Check that case_get_case_events_details returns the mocked event list.

    The mock returns a status document followed by a one-entry event list,
    both with HTTP 200; the helper's return value must equal that list.
    """
    ops = check_config(t_config_data)

    status_reply = {"status": "success"}
    event_rows = [{
        "lastTime": "08/22/2018 17:39:05",
        "id": "144115188075855872|1422",
        "message": "Failed User Logon"
    }]
    mocked_requests_post.side_effect = [
        generate_response(status_reply, 200),
        generate_response(event_rows, 200),
    ]

    returned_events = case_get_case_events_details(ops, 1)
    assert event_rows == returned_events
def test_success(self, mocked_execute_call_v2, circuits_app,
                 mcafee_event_ids_list, expected_results):
    """Run the case-events-detail function against two mocked ESM replies.

    ``mocked_execute_call_v2`` yields a status document and then a one-entry
    event list, both with HTTP 200. The function result, with its "metrics"
    entry removed, must equal ``expected_results``.
    """
    status_reply = {
        "status": "success"
    }
    event_rows = [{
        "lastTime": "08/22/2018 17:39:05",
        "id": "144115188075855872|1422",
        "message": "Failed User Logon"
    }]
    mocked_execute_call_v2.side_effect = [
        generate_response(status_reply, 200),
        generate_response(event_rows, 200),
    ]

    inputs = {
        "mcafee_event_ids_list": mcafee_event_ids_list
    }
    outcome = call_mcafee_esm_get_case_events_detail_function(circuits_app, inputs)

    # pop() without a default also fails the test if "metrics" is missing.
    outcome.pop("metrics")
    assert expected_results == outcome
def test_case_get_list_of_cases(self, mocked_requests_post):
    """Check that alarm_get_triggered_alarms returns the mocked alarm list.

    The mock returns a status document followed by a one-entry alarm list,
    both with HTTP 200; the helper's return value must equal that list.
    """
    # NOTE(review): the test name mentions cases, but the body exercises
    # alarm_get_triggered_alarms -- the name looks copied from another test.
    ops = check_config(t_config_data)

    status_reply = {"status": "success"}
    alarm_rows = [{
        "severity": 50,
        "summary": "Signature ID 'Failed User Logon' (306-31) match found",
        "assignee": "admin",
        "triggeredDate": "08/27/2018 18:47:14",
        "acknowledgedDate": "",
        "acknowledgedUsername": "",
        "alarmName": "Failed User Logon",
        "conditionType": 22,
        "id": 8195
    }]
    mocked_requests_post.side_effect = [
        generate_response(status_reply, 200),
        generate_response(alarm_rows, 200),
    ]

    query_params = {"triggeredTimeRange": "CURRENT_DAY"}
    returned_alarms = alarm_get_triggered_alarms(ops, query_params)
    assert alarm_rows == returned_alarms
def test_case_edit_case_details(self, mocked_requests_post):
    """Check that case_get_case_detail returns the mocked case record.

    Every POST made through the mock gets the same HTTP 200 reply carrying
    the case record; the helper's return value must equal that record.
    """
    # NOTE(review): the test name mentions editing, but the body exercises
    # case_get_case_detail -- the name looks copied from another test.
    ops = check_config(t_config_data)

    case_record = {
        "dataSourceList": None,
        "assignedTo": 1,
        "orgId": 1,
        "closeTime": "08/22/2018 21:27:34",
        "eventList": [],
        "deviceList": None,
        "notes": [{
            "changes": [],
            "content": "",
            "username": "******",
            "action": "Open",
            "timestamp": "08/22/2018 21:27:34(GMT)"
        }],
        "noteAdded": "",
        "history": [{
            "changes": [],
            "content": "",
            "username": "******",
            "action": "Viewed",
            "timestamp": "08/22/2018 21:28:24(GMT)"
        }],
        "severity": 1,
        "summary": "test5",
        "openTime": "08/22/2018 21:27:34",
        "id": 8194,
        "statusId": {
            "value": 1
        }
    }
    # return_value (not side_effect): the same reply serves any number of calls.
    mocked_requests_post.return_value = generate_response(case_record, 200)

    returned_case = case_get_case_detail(ops, {}, 1)
    assert case_record == returned_case
def test_get_authenticated_headers(self, mocked_requests_post):
    """Check the header dict built by get_authenticated_headers after login.

    Every POST made through the mock gets an HTTP 200 status document. The
    helper is called with the URL, username, password and verify_cert values
    from the checked config and must return the four expected headers.
    """
    ops = check_config(t_config_data)

    login_reply = {"status": "success"}
    mocked_requests_post.return_value = generate_response(login_reply, 200)

    # The two token values do not appear in login_reply; presumably
    # generate_response attaches them to the fake response -- confirm there.
    expected_headers = {
        "content-type": "application/json",
        "cache-control": "no-cache",
        "Cookie": "JWTToken=mock_cookie_token",
        "X-Xsrf-Token": "mock_header_token"
    }

    # NOTE(review): verify_cert is forwarded from the config, but only the
    # returned headers are asserted, so this test would still pass if the
    # helper ignored certificate verification. Only the HTTP 200 path is
    # exercised here; a rejected login is not covered by this test.
    esm_url = ops.get("esm_url")
    esm_username = ops.get("esm_username")
    esm_password = ops.get("esm_password")
    verify_cert = ops.get("verify_cert")
    actual_headers = get_authenticated_headers(
        esm_url, esm_username, esm_password, verify_cert)

    assert expected_headers == actual_headers
def test_get_results(self, mocked_requests_common):
    """Check that get_results returns the mocked query result unchanged.

    ``execute_call_v2`` on the mocked requests helper is replaced with a
    MagicMock whose every call returns one HTTP 200 reply holding a single
    result row and its eleven column names.
    """
    ops = check_config(t_config_data)

    column_names = (
        u'Alert.FirstTime',
        u'Alert.LastTime',
        u'Alert.DSIDSigID',
        u'Alert.EventCount',
        u'Alert.SrcIP',
        u'Rule.msg',
        u'Alert.BIN(1)',
        u'Alert.4259843',
        u'Alert.BIN(4)',
        u'Alert.BIN(10)',
        u'Alert.65538',
    )
    # One value per column, in column order; the last five are empty strings.
    row_values = [
        u'08/20/2018 14:58:23',
        u'08/20/2018 14:58:23',
        u'306-50080',
        u'1',
        u'::',
        u'A physical network interface connection has been made or removed',
        u'',
        u'',
        u'',
        u'',
        u'',
    ]
    query_result = {
        u'rows': [{u'values': row_values}],
        u'columns': [{u'name': column} for column in column_names],
    }

    mocked_requests_common.execute_call_v2 = MagicMock()
    mocked_requests_common.execute_call_v2.return_value = generate_response(
        query_result, 200)

    fetched = get_results(mocked_requests_common, ops, {}, "123456789")
    assert query_result == fetched
def test_success(self, mocked_execute_call_v2, circuits_app,
                 mcafee_esm_qry_type, mcafee_esm_qry_config,
                 expected_results):
    """Run the ESM query function against four mocked replies.

    ``mocked_execute_call_v2`` yields, in order and all with HTTP 200: a
    status document, a reply carrying "resultID", a completed-query status
    and a one-row result set. The function result, with its "metrics" entry
    removed, must equal ``expected_results``.
    """
    status_reply = {"status": "success"}
    submit_reply = {
        "totalRows": 0,
        "resultID": "123456789",
        "totalResultID": "0",
        "groupByString": "",
        "countColumn": 0,
        "labelColumn": 0,
        "attributeColumn": 0,
        "drilldownColumn": 1
    }
    progress_reply = {
        'totalRecords': 1,
        'complete': True,
        'milliseconds': 5,
        'percentComplete': 100
    }

    column_names = (
        u'Alert.FirstTime',
        u'Alert.LastTime',
        u'Alert.DSIDSigID',
        u'Alert.EventCount',
        u'Alert.SrcIP',
        u'Rule.msg',
        u'Alert.BIN(1)',
        u'Alert.4259843',
        u'Alert.BIN(4)',
        u'Alert.BIN(10)',
        u'Alert.65538',
    )
    # One value per column, in column order; the last five are empty strings.
    row_values = [
        u'08/20/2018 14:58:23',
        u'08/20/2018 14:58:23',
        u'306-50080',
        u'1',
        u'::',
        u'A physical network interface connection has been made or removed',
        u'',
        u'',
        u'',
        u'',
        u'',
    ]
    result_set = {
        u'rows': [{u'values': row_values}],
        u'columns': [{u'name': column} for column in column_names],
    }

    mocked_execute_call_v2.side_effect = [
        generate_response(status_reply, 200),
        generate_response(submit_reply, 200),
        generate_response(progress_reply, 200),
        generate_response(result_set, 200),
    ]

    inputs = {
        "mcafee_esm_qry_type": mcafee_esm_qry_type,
        "mcafee_esm_qry_config": mcafee_esm_qry_config,
    }
    outcome = call_mcafee_esm_query_function(circuits_app, inputs)

    # pop() without a default also fails the test if "metrics" is missing.
    outcome.pop("metrics")
    assert expected_results == outcome